本人于2009年12月迁移至独立BLOG。
1、欢迎光临运维进行时,希望认识更多志向相同的朋友!
2、本站部分资源来源于网络,如有侵权请及时与我联系!
3、强烈建议使用Firefox、Opera、Safari及IE7以上的浏览器访问,以获得最佳浏览质量!
4、请勿发表与中华人民共和国法律、法规相抵触的言论,谢谢合作!
5、本人发布的文章与评论内容仅代表本人观点。
1、欢迎光临运维进行时,希望认识更多志向相同的朋友!
2、本站部分资源来源于网络,如有侵权请及时与我联系!
3、强烈建议使用Firefox、Opera、Safari及IE7以上的浏览器访问,以获得最佳浏览质量!
4、请勿发表与中华人民共和国法律、法规相抵触的言论,谢谢合作!
5、本人发布的文章与评论内容仅代表本人观点。
一、前言
为什么要引入第二版?由于第一版是基于Logzilla3.0,作者在Logzilla3.0以后做了licensed限制,可以从作者回复邮件的内容得到证实[图1]。因此需要定期去更新license.txt来达到延长使用期限的目的,个人感觉比较麻烦,同时还有主机及日志数的限制,这也是整理第二版的原因,当然,你也可以通过以下途径获取免费、无限制的licensed,见How to get a free, unlimited, license of LogZilla。但这不是本文所要讨论的话题:),第二版中本人采用logzilla2.9.9版来搭建一个免费、无限制的日志集中管理平台,功能上与3.0差异不大,好了,废话少说,我们开始吧!
平台截图
为什么要引入第二版?由于第一版是基于Logzilla3.0,作者在Logzilla3.0以后做了licensed限制,可以从作者回复邮件的内容得到证实[图1]。因此需要定期去更新license.txt来达到延长使用期限的目的,个人感觉比较麻烦,同时还有主机及日志数的限制,这也是整理第二版的原因,当然,你也可以通过以下途径获取免费、无限制的licensed,见How to get a free, unlimited, license of LogZilla。但这不是本文所要讨论的话题:),第二版中本人采用logzilla2.9.9版来搭建一个免费、无限制的日志集中管理平台,功能上与3.0差异不大,好了,废话少说,我们开始吧!
[图1]
平台截图
一、前言
目前查看系统日志比较被动,遇到系统不正常或故障时才会主动去检查服务器系统日志,这样一来不能及时了解系统的运行情况,因此部署Logzilla+sphine+syslog-ng来弥补这不足。以下为安装、部署平台详细步骤。(Logzilla是什么新东西?其实前身就是php-syslog-ng,引用作者的话“Php-syslog-ng is now known as LogZilla. Same owner, better code :-)”)
二、平台初始化
#yum install libdbi* libnet
#cpan Date::Calc Text::LevenshteinXS String::CRC32
三、下载相关包
#cd /home/install
#mkdir logzilla;cd logzilla
#wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz
#wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.3/setups/rhel-5-i386/syslog-ng-3.0.3-1.rhel5.i386.rpm
四、开始安装
# cp eventlog_0.2.9.tar.gz /usr/src/redhat/SOURCES/
# tar zxvf eventlog_0.2.9.tar.gz
# cd eventlog-0.2.9/
# rpmbuild --ba eventlog.spec.bb
# cd /usr/src/redhat/RPMS/x86_64
# rpm -Uvh libevtlog*
#cd /home/install/logzilla
#rpm -Uvh syslog-ng-3.0.3-1.rhel5.i386.rpm
五、安装logzilla
#cd /www/webroot/
#wget http://php-syslog-ng.googlecode.com/files/logzilla_3.0.85.tgz
#tar -zxvf logzilla_3.0.85.tgz
#cd logzilla/scripts
#./install.pl
(根据实际情况来回应就OK了)
===================
LogZilla Installation
====================
Enter the MySQL root username [root]:
Enter the password for root [mysql]:
Database to install to [syslog]:
Database table to install to [logs]:
Enter the name of the MySQL server [127.0.0.1]:
Enter the port of the MySQL server [3306]:
Enter the name to create as the owner of the logs database [syslogadmin]:
Enter the password for the syslogadmin user [syslogadmin]:
Enter the name to create as the WEBSITE owner [admin]:
Enter the password for admin [admin]:
Enter your email address [cdukes@cdukes.com]:
Enter a name for your website [The home of LogZilla]:
Enter the base url for your site (include trailing slash) [/logs/]: /
Where should log files be stored? [/var/log/logzilla]:
How long should I keep old logs? (in days) [30]:
========================================
Path Updates
========================================
Getting ready to replace paths in all files with "/www/webroot/logzilla"
Ok to continue? [y]:
Updating file paths
Modifying ../scripts/db_insert.pl
Modifying ../scripts/contrib/system_configs/logzilla.crontab
Modifying ../scripts/contrib/system_configs/syslog-ng.conf
Modifying ../scripts/contrib/system_configs/logzilla.apache
Modifying ../sphinx/indexer.sh
Modifying ../sphinx/sphinx.conf
Updating log paths
Modifying ../scripts/contrib/system_configs/logzilla.crontab
Modifying ../scripts/contrib/system_configs/logzilla.logrotate
====================
Database Installation
====================
All data will be installed into the syslog database
Ok to continue? [y]:
====================
Config.php generation
====================
Generating /www/webroot/logzilla/html/config/config.php
Ok to continue? [y]:
====================
System files
====================
Adding LogZilla logrotate.d file to /etc/logrotate.d
Ok to continue? [y]:
Where is your syslog-ng.conf file located? [/etc/syslog-ng/syslog-ng.conf]: /opt/syslog-ng/etc/syslog-ng.conf
Adding syslog-ng configuration to /opt/syslog-ng/etc/syslog-ng.conf
Ok to continue? [y]:
Found 1 sources
Which source definition would you like to use? [s_all]:
LogZilla installation complete...
Note: you may need to enable the MySQL Event Scheduler in your /etc/my.cnf file.
Please visit http://forum.logzilla.info/index.php/topic,71.0.html for more information.
Also, please visit http://nms.gdd.net/index.php/Install_Guide_for_LogZilla_v3.0#UDP_Buffers to learn how to increase your UDP buffer size (otherwise you may drop messages).
Please run /etc/init.d/syslog-ng restart
目前查看系统日志比较被动,遇到系统不正常或故障时才会主动去检查服务器系统日志,这样一来不能及时了解系统的运行情况,因此部署Logzilla+sphine+syslog-ng来弥补这不足。以下为安装、部署平台详细步骤。(Logzilla是什么新东西?其实前身就是php-syslog-ng,引用作者的话“Php-syslog-ng is now known as LogZilla. Same owner, better code :-)”)
二、平台初始化
#yum install libdbi* libnet
#cpan Date::Calc Text::LevenshteinXS String::CRC32
三、下载相关包
#cd /home/install
#mkdir logzilla;cd logzilla
#wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz
#wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.3/setups/rhel-5-i386/syslog-ng-3.0.3-1.rhel5.i386.rpm
四、开始安装
# cp eventlog_0.2.9.tar.gz /usr/src/redhat/SOURCES/
# tar zxvf eventlog_0.2.9.tar.gz
# cd eventlog-0.2.9/
# rpmbuild --ba eventlog.spec.bb
# cd /usr/src/redhat/RPMS/x86_64
# rpm -Uvh libevtlog*
#cd /home/install/logzilla
#rpm -Uvh syslog-ng-3.0.3-1.rhel5.i386.rpm
五、安装logzilla
#cd /www/webroot/
#wget http://php-syslog-ng.googlecode.com/files/logzilla_3.0.85.tgz
#tar -zxvf logzilla_3.0.85.tgz
#cd logzilla/scripts
#./install.pl
(根据实际情况来回应就OK了)
引用
===================
LogZilla Installation
====================
Enter the MySQL root username [root]:
Enter the password for root [mysql]:
Database to install to [syslog]:
Database table to install to [logs]:
Enter the name of the MySQL server [127.0.0.1]:
Enter the port of the MySQL server [3306]:
Enter the name to create as the owner of the logs database [syslogadmin]:
Enter the password for the syslogadmin user [syslogadmin]:
Enter the name to create as the WEBSITE owner [admin]:
Enter the password for admin [admin]:
Enter your email address [cdukes@cdukes.com]:
Enter a name for your website [The home of LogZilla]:
Enter the base url for your site (include trailing slash) [/logs/]: /
Where should log files be stored? [/var/log/logzilla]:
How long should I keep old logs? (in days) [30]:
========================================
Path Updates
========================================
Getting ready to replace paths in all files with "/www/webroot/logzilla"
Ok to continue? [y]:
Updating file paths
Modifying ../scripts/db_insert.pl
Modifying ../scripts/contrib/system_configs/logzilla.crontab
Modifying ../scripts/contrib/system_configs/syslog-ng.conf
Modifying ../scripts/contrib/system_configs/logzilla.apache
Modifying ../sphinx/indexer.sh
Modifying ../sphinx/sphinx.conf
Updating log paths
Modifying ../scripts/contrib/system_configs/logzilla.crontab
Modifying ../scripts/contrib/system_configs/logzilla.logrotate
====================
Database Installation
====================
All data will be installed into the syslog database
Ok to continue? [y]:
====================
Config.php generation
====================
Generating /www/webroot/logzilla/html/config/config.php
Ok to continue? [y]:
====================
System files
====================
Adding LogZilla logrotate.d file to /etc/logrotate.d
Ok to continue? [y]:
Where is your syslog-ng.conf file located? [/etc/syslog-ng/syslog-ng.conf]: /opt/syslog-ng/etc/syslog-ng.conf
Adding syslog-ng configuration to /opt/syslog-ng/etc/syslog-ng.conf
Ok to continue? [y]:
Found 1 sources
Which source definition would you like to use? [s_all]:
LogZilla installation complete...
Note: you may need to enable the MySQL Event Scheduler in your /etc/my.cnf file.
Please visit http://forum.logzilla.info/index.php/topic,71.0.html for more information.
Also, please visit http://nms.gdd.net/index.php/Install_Guide_for_LogZilla_v3.0#UDP_Buffers to learn how to increase your UDP buffer size (otherwise you may drop messages).
Please run /etc/init.d/syslog-ng restart